SonicWALL 4000 manual Selecting a SonicWALL Recommended  Deployment Scenario, Scenario B

Page 5

Selecting a SonicWALL Recommended

Deployment Scenario

The deployment scenarios described in this section are based on actual customer deployments and are SonicWALL-recommended deployment best practices. This section describes three common deployments of the SonicWALL SSL VPN 4000. In Table 1, select the scenario that most closely matches your deployment.

Scenario A SSL VPN on a New DMZ

 

SonicWALL

 

 

UTM Appliance

Switch/

 

 

Router

 

Hub

 

SonicWALL

 

Remote Users

SSL-VPN 4000

LAN

on DMZ

Resources

in Internet Zone

 

 

 

Scenario B

SSL VPN on an Existing DMZ

 

SonicWALL

 

 

UTM Appliance

Switch/

 

 

Router

 

Hub

 

 

 

 

Switch/

 

 

Hub

Remote Users

SonicWALL

LAN

in Internet Zone

SSL-VPN 4000

Resources

 

on Existing DMZ

 

Scenario C SSL VPN on the LAN

Gateway

Device

Switch/

Hub

Remote Users

SonicWALL

SSL-VPN 4000

in Internet Zone

on LAN

 

Table 1: SonicWALL SSL VPN 4000 Deployment Scenarios

Gateway Device

SonicWALL Recommended

Conditions or Requirements

 

Deployment Scenarios

 

 

 

 

 

 

SonicOS Standard 3.1 or higher:

Scenario A: SSL VPN on a New DMZ

OPT or X2 interface is unused

TZ 170

 

A new DMZ configured for either NAT or

TZ 180 Series

 

 

Transparent Mode operation.

PRO 1260

 

(Optional) Plan to provide SonicWALL deep

PRO 2040

 

 

packet inspection security services such as

 

 

GAV, IPS, and Anti-Spyware.

PRO 3060

 

 

 

 

 

 

Scenario B: SSL VPN on Existing DMZ

OPT or X2 interface is in use with an

 

 

 

existing DMZ

 

 

(Optional) Plan to provide SonicWALL deep

 

 

 

packet inspection security services such as

 

 

 

GAV, IPS, and Anti-Spyware.

 

 

 

 

SonicOS Enhanced 3.1 or higher:

Scenario A: SSL VPN on a New DMZ

OPT or unused interface

TZ 170 Series

 

A new DMZ configured for either NAT or

TZ 180 Series

 

 

Transparent Mode operation.

TZ 190 Series

Scenario B: SSL VPN on Existing DMZ

No unused interfaces

PRO Series

 

One dedicated interface in use as an

NSA E-Class (SonicOS 5.0+)

 

 

 

existing DMZ

NSA Series (SonicOS 5.0+)

 

 

 

Scenario C: SSL VPN on the LAN

No unused interfaces

 

 

 

No dedicated interface for a DMZ

 

 

 

 

SonicOS Standard 3.1 or higher:

Scenario C: SSL VPN on the LAN

Not planning to use SonicWALL deep

TZ 150 Series

 

 

packet inspection security services such as

TZ 170 Wireless

 

GAV, IPS, and Anti-Spyware.

TZ 170 SP

 

Interoperability with a third-party gateway

 

 

device

 

 

 

SonicWALL devices running

 

 

 

legacy firmware

 

 

 

Third-Party Gateway Device

 

 

 

 

 

 

 

Page 4

Page 4 Page 6
Image 5
Page 4 Page 6
Contents SonicWALL SSL VPN Getting Started Guide SonicWALL Sslvpn 4000 Appliance Getting Started Guide SonicWALL Sslvpn 4000 Configuration StepsWhat You Need to Begin Check Package Contents Any Items Missing?Before You Begin Other Information Network Configuration InformationScenario a SSL VPN on a New DMZ Selecting a SonicWALL Recommended  Deployment ScenarioScenario B Scenario C SSL VPN on the LANPower LED Test LED Alarm LED 2 Applying Power to the SonicWALL Sslvpn Accessing the Management Interface If You Cannot Login to the SSL VPN  Configuring Your SonicWALL Sslvpn Adding a Local User Setting Your Administrator PasswordSelect the Users Local Users Select Users Local UsersConfiguring DNS / Wins Setting Time ZoneConfiguring SSL VPN Network Settings Select the Network Interfaces Configuring the X0 IP address for Scenario B and Scenario CPage Adding a NetExtender Client Route Configuring a Default RouteSelect the Network Routes Select the NetExtender Client RoutesRoute Destination Network Subnet Mask Setting your NetExtender Address RangeScenario a 192.168.200.100 toScenario C Select the NetExtender Client SettingsPage Scenario a Connecting the SonicWALL Sslvpn  Connecting the SonicWALL SslvpnScenario B Configuring Your Network Interface Scenario C Configuring Your Network Interface Scenario B Connecting the SonicWALL SslvpnScenario C Connecting the SonicWALL Sslvpn Scenario a SSL VPN on a New DMZ  Configuring Your Gateway DeviceScenario a Connecting to the SonicWALL UTM Appliance Scenario a Allowing WAN DMZ Connection in SonicOS Standard Select the Network SettingsSelect the Firewall Access Rules Public Server page, perform the following selections Scenario a Allowing DMZ LAN Connection in SonicOS Standard Interface Congratulations page, click Apply to create the access rule Create access to the LAN for NetExtender Select the Network Interfaces Add Service Group dialog box should display Server Private Network Configuration page, enter Click Next SSL VPN Click OK to create the object Click Add to create the rule Scenario B Allowing WAN DMZ Connection in SonicOS Standard Scenario B Connecting to the SonicWALL UTM ApplianceScenario B SSL VPN on Existing DMZ Public Server page, perform the following selections Scenario B Allowing DMZ LAN Connection in SonicOS Standard IP Address Begin Congratulations page, click Apply to create the access rule Continue to Step Scenario B Allowing WAN DMZ Connection in SonicOS Enhanced Server Private Network Configuration page, enter SonicWALL SSL VPN 4000 Getting Started Guide Scenario B Allowing DMZ LAN Connection in SonicOS Enhanced Click OK to create the object Click OK to create the rule Scenario C SSL VPN on the LAN Scenario C Connecting to the SonicWALL UTM ApplianceScenario C Configuring SSL VPN LAN Connectivity Select Public Server Rule Scenario C Setting Public Server Access in SonicOS StandardEnter SSL VPN in the Server Name field Scenario C Setting Public Server Access in SonicOS EnhancedVerifying a User Connection from the Internet  Testing Your SSL VPN ConnectionContinue to Step Before You Register  Registering Your SonicWALL SslvpnRegistering with MySonicWALL Creating a MySonicWALL Account from System LicensesSonicWALL SSL VPN 4000 Getting Started Guide Click Continue CongratulationsConfiguring Dynamic DNS Page SonicWALL SSL VPN 4000 Getting Started Guide Windows Configuring a Static IP AddressWindows XP Select Specify an IP Address Windows NTOpen Network  Mounting Guidelines Glossary of Networking Terms Page Cable Connections Lithium Battery WarningTrademarks Copyright NoticeSonicWALL SSL VPN 4000 Getting Started Guide Page SonicWALL, Inc
Top Page Image Contents